CVE-2022-43867 – IBM Spectrum Scale command execution
https://notcve.org/view.php?id=CVE-2022-43867
06 Dec 2022 — IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239437 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-4926
https://notcve.org/view.php?id=CVE-2020-4926
24 May 2022 — A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191600 • CWE-862: Missing Authorization
CVE-2020-4756
https://notcve.org/view.php?id=CVE-2020-4756
20 Oct 2020 — IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. IBM X-Force ID: 188599. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188599 • CWE-404: Improper Resource Shutdown or Release
CVE-2016-0263
https://notcve.org/view.php?id=CVE-2016-0263
29 Jun 2016 — IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005708 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3045
https://notcve.org/view.php?id=CVE-2014-3045
19 Jul 2014 — IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004815 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-0706
https://notcve.org/view.php?id=CVE-2012-0706
07 Apr 2013 — IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004292 • CWE-255: Credentials Management Errors • CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2163
https://notcve.org/view.php?id=CVE-2012-2163
30 Jul 2012 — IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004170 • CWE-264: Permissions, Privileges, and Access Controls